Total
3364 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45208 | 2 D-link, Dlink | 3 Dap-x1860, Dap-1860, Dap-1860 Firmware | 2024-11-21 | 8.8 High |
| A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | ||||
| CVE-2023-44959 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | 8.8 High |
| An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | ||||
| CVE-2023-44827 | 1 Easycorp | 3 Zentao, Zentao Biz, Zentao Max | 2024-11-21 | 8.8 High |
| An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | ||||
| CVE-2023-43891 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | 9.8 Critical |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | ||||
| CVE-2023-43510 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.7 Medium |
| A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | ||||
| CVE-2023-43477 | 1 Telstra | 2 Arcadyan Lh1000, Arcadyan Lh1000 Firmware | 2024-11-21 | 6.8 Medium |
| The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | ||||
| CVE-2023-43455 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | ||||
| CVE-2023-43453 | 1 Totolink | 2 X6000r, X6000r Firmware | 2024-11-21 | 9.8 Critical |
| An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | ||||
| CVE-2023-43322 | 1 Zpesystems | 1 Nodegrid Os | 2024-11-21 | 8.8 High |
| ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | ||||
| CVE-2023-43207 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. | ||||
| CVE-2023-43206 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. | ||||
| CVE-2023-43204 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. | ||||
| CVE-2023-43202 | 1 Dlink | 2 Dwl-6610ap, Dwl-6610ap Firmware | 2024-11-21 | 8 High |
| D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. | ||||
| CVE-2023-43138 | 2 Tp-link, Tplink | 3 Tl-er5120g, Tl-er5120g Firmware, Tl-er5120g | 2024-11-21 | 8.8 High |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | ||||
| CVE-2023-43137 | 2 Tp-link, Tplink | 3 Tl-er5120g, Tl-er5120g Firmware, Tl-er5120g | 2024-11-21 | 8.8 High |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | ||||
| CVE-2023-43128 | 2 D-link, Dlink | 4 Dir-806 1200m11ac, Dir806a1 Fw100cnb11, Dir-806 and 1 more | 2024-11-21 | 9.8 Critical |
| D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. | ||||
| CVE-2023-42810 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 9.8 Critical |
| systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only). | ||||
| CVE-2023-42326 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2024-11-21 | 8.8 High |
| An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | ||||
| CVE-2023-42136 | 1 Paxtechnology | 9 A50, A6650, A77 and 6 more | 2024-11-21 | 7.8 High |
| PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | ||||
| CVE-2023-41303 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. | ||||